package org.wby.jwt.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;
import java.util.Collections;

@Configuration
public class SecurityBeanConfig {
    @Bean(name = "webCorsConfigSource")
    public CorsConfigurationSource webCorsConfigSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowCredentials(true);
        //允许的网址
        configuration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
        //允许的请求方法
        configuration.setAllowedMethods(Collections.singletonList(CorsConfiguration.ALL));
//        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "DELETE"));
        //允许的请求头
        configuration.setAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL));
//        configuration.setAllowedHeaders(Collections.singletonList("*"));

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }

    /*
    * 指定密码存储
    * */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
